[Mimedefang] Blocking spam senders using IPTables?
amilivojevic at pbl.ca
Thu Nov 4 09:35:16 EST 2004
Paul Murphy wrote:
> You are correct - Sendmail doesn't log them by default. If you get a null
> connection, that gets logged. If the sender is refused by check_rcpt, that gets
> logged. But invalid commands, including those generated after a sender ignores
> a 5xx error and carries on through the DATA phase, aren't logged at all.
Hm, wouldn't a better idea be detecting this in Sendmail? For example,
after sendmail sends a 5xx response to DATA, if the next command looks like
a mail header, or if the next 5 or 6 commands are invalid, start inserting
sleep(60) after every call to read(), and call read() with a really small
buffer (say only 1k, or even smaller). Only minimum bandwidth will be
wasted, the spammer would be significantly slowed down, and you are still
perfectly RFC compliant (there's nothing in the RFCs saying that you are
not allowed to slow things down). It shouldn't be hard to patch
Sendmail in this way. Basically, this would be a generalization of an
already existing Sendmail feature (slowing things down if a number of bad
RCPTs is detected). If the tactic becomes widespread, spammers might start
actually looking for 5xx codes and acting accordingly.
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
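
The slow-down decision proposed in the message above, sketched in C as an added example; it is not Sendmail code and not from the original post. The struct, function names and verb list are hypothetical, and resetting the state when the client sends a valid command after the 5xx is an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

#define BAD_CMD_LIMIT 5    /* "next 5 or 6 commands are invalid" */
#define TARPIT_DELAY  60   /* seconds, the post's sleep(60) */
#define TARPIT_BUFSZ  1024 /* "say only 1k" */

struct tarpit_state {      /* hypothetical per-connection state */
    bool data_refused;     /* DATA was answered with a 5xx */
    int  bad_cmds;         /* invalid commands seen since then */
    bool tarpitted;        /* slow-down is active */
};

/* True if the first token of line is a known SMTP verb (case-insensitive). */
static bool is_smtp_verb(const char *line) {
    static const char *verbs[] = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET",
                                  "NOOP", "QUIT", "VRFY", "EXPN", "HELP"};
    size_t n = strcspn(line, " \r\n");
    for (size_t v = 0; v < sizeof verbs / sizeof *verbs; v++) {
        size_t i = 0;
        while (i < n && toupper((unsigned char)line[i]) == verbs[v][i]) i++;
        if (i == n && verbs[v][i] == '\0') return true;
    }
    return false;
}
/* True if line starts like "Field-Name:" (printable, no space before ':'). */
static bool looks_like_header(const char *line) {
    const char *p = line;
    while (*p > 32 && *p < 127 && *p != ':') p++;
    return p != line && *p == ':';
}
/* Call right after the server answers DATA with a 5xx reply. */
void tarpit_data_refused(struct tarpit_state *s) {
    s->data_refused = true;
    s->bad_cmds = 0;
}
/* Feed each client line; returns seconds to sleep before the next read(). */
int tarpit_observe(struct tarpit_state *s, const char *line) {
    if (!s->tarpitted && s->data_refused) {
        if (looks_like_header(line)) s->tarpitted = true;
        else if (is_smtp_verb(line)) s->data_refused = false; /* assumption: client noticed the 5xx */
        else if (++s->bad_cmds >= BAD_CMD_LIMIT) s->tarpitted = true;
    }
    return s->tarpitted ? TARPIT_DELAY : 0;
}
/* Buffer size to pass to the next read(): shrink it once tarpitted. */
size_t tarpit_read_size(const struct tarpit_state *s, size_t normal) {
    return (s->tarpitted && normal > TARPIT_BUFSZ) ? TARPIT_BUFSZ : normal;
}
```

A server loop would call `tarpit_observe()` on each received line, sleep for the returned number of seconds, and size its next `read()` with `tarpit_read_size()`.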